Claude AI Finds 22 Firefox Security Bugs in Two Weeks

Using Claude Opus 4.6, Anthropic uncovered high-severity flaws in Mozilla’s browser, highlighting AI’s growing role in cybersecurity research.


AI is increasingly becoming a powerful tool in software security auditing.

In a recent collaboration with Mozilla, researchers at Anthropic used their AI model Claude Opus 4.6 to analyze the Firefox codebase—uncovering 22 security vulnerabilities in just two weeks.

Among those issues, 14 were classified as high severity, according to the companies.

Most of the vulnerabilities have already been patched in Firefox 148, released in February, while a few fixes are scheduled for an upcoming release.


Why Anthropic Chose Firefox for the Experiment

Anthropic focused its testing on Firefox, one of the most mature open-source browsers.

The reason was strategic.

Firefox represents:

  • A large and complex codebase
  • One of the most security-reviewed open-source projects
  • A platform used by millions of internet users

In other words, if AI could uncover bugs there, it could potentially transform security testing across software ecosystems.

Anthropic began by examining Firefox’s JavaScript engine, then expanded its analysis to other components of the browser.


What the AI Found

Over the course of two weeks, Claude identified 22 separate vulnerabilities.

Breakdown of findings:

  • 14 high-severity vulnerabilities
  • 8 additional security flaws

These types of issues can include memory corruption, logic errors, or unsafe code paths that attackers could potentially exploit.

Most fixes were deployed in Firefox 148, reducing immediate risk for users.


Finding Bugs Is Easier Than Exploiting Them

Interestingly, Claude proved far more effective at detecting vulnerabilities than exploiting them.

Anthropic researchers attempted to generate proof-of-concept exploits using the AI.

To test its capability, they spent roughly $4,000 in API credits.

The result: only two successful exploit proofs.

This highlights an important distinction in cybersecurity.

Finding weaknesses in code is one challenge—turning them into functioning attacks is far harder.


AI as a New Security Auditor

The experiment offers a glimpse into how AI could reshape software security workflows.

For open-source projects in particular, AI tools could:

  • Scan massive codebases rapidly
  • Identify subtle vulnerabilities humans may miss
  • Accelerate patching cycles

However, the technology also brings tradeoffs.

Anthropic noted that AI-driven development tools sometimes generate large volumes of low-quality code submissions, creating additional work for maintainers.

It’s a bit like introducing a tireless junior security analyst—fast and curious, but still requiring human supervision.


The Bigger Picture for AI in Cybersecurity

As AI models grow more capable, their role in defensive cybersecurity is expanding quickly.

Organizations are already experimenting with AI for:

  • Automated vulnerability scanning
  • Secure code review
  • Threat detection

The Firefox experiment suggests that even highly secure, mature projects can benefit from AI-assisted auditing.

And as the technology evolves, AI could become a standard part of how software is tested before it ever reaches users.


TL;DR:
Anthropic used Claude Opus 4.6 to analyze the Firefox codebase and discovered 22 vulnerabilities in two weeks, including 14 high-severity flaws. Most issues were patched in Firefox 148, demonstrating how AI can accelerate security audits—though generating real exploits proved much harder.

AI Summary:

  • Claude Opus found 22 vulnerabilities in Firefox during a two-week audit.
  • 14 bugs were high severity, mostly fixed in Firefox 148.
  • Anthropic spent $4,000 in API credits attempting exploit proofs.
  • Only two exploits succeeded, showing exploitation is harder than detection.
  • AI may become a powerful tool for open-source security reviews.